FEDORA-2025-bee62eff98
Packages in this update:
chromium-134.0.6998.117-1.fc40
Update description:
Update to 134.0.6998.117
* Critical CVE-2025-2476: Use after free in Lens
chromium-134.0.6998.117-1.fc42
Update to 134.0.6998.117
* Critical CVE-2025-2476: Use after free in Lens
chromium-134.0.6998.117-1.el9
Update to 134.0.6998.117
* Critical CVE-2025-2476: Use after free in Lens
A vulnerability has been discovered in Veeam Backup & Replication, which could allow for arbitrary code execution. Veeam Backup & Replication is a comprehensive data protection and disaster recovery solution. With Veeam Backup & Replication, you can create image-level backups of virtual, physical and cloud machines and restore from them. Exploitation of this vulnerability requires authentication to the domain but could result in arbitrary code execution. Data such as backups and images could be compromised.
Marcus Rückert and Matthias Gerstner discovered that PAM-PKCS#11 did not
properly handle certain return codes when authentication was not possible.
An attacker could possibly use this issue to bypass authentication. This
issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2025-24531)
It was discovered that PAM-PKCS#11 did not require a private key signature
for authentication by default. An attacker could possibly use this issue
to bypass authentication. (CVE-2025-24032)
A vulnerability has been discovered in AMI MegaRAC Software, which could allow for remote code execution. MegaRAC is a product line of BMC firmware packages and formerly service processors providing out-of-band, or lights-out, remote management of computer systems. Successful exploitation of this vulnerability allows an attacker to remotely control the compromised server, remotely deploy malware or ransomware, tamper with firmware, brick motherboard components (BMC or potentially BIOS/UEFI), potentially cause physical damage to the server (over-voltage / bricking), and trigger indefinite reboot loops that a victim cannot stop.
It was discovered that go-gh incorrectly handled authentication
tokens. An attacker could possibly use this issue to leak
authentication tokens to the wrong host. (CVE-2024-53859)
Posted by Apple Product Security via Fulldisclosure on Mar 20
APPLE-SA-03-11-2025-4 visionOS 2.3.2
visionOS 2.3.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122284.
Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.
WebKit
Available for: Apple Vision Pro
Impact: Maliciously crafted web content may be able to break out of Web
Content sandbox….
Posted by Apple Product Security via Fulldisclosure on Mar 20
APPLE-SA-03-11-2025-3 macOS Sequoia 15.3.2
macOS Sequoia 15.3.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122283.
Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.
WebKit
Available for: macOS Sequoia
Impact: Maliciously crafted web content may be able to break out of Web
Content…
Posted by Apple Product Security via Fulldisclosure on Mar 20
APPLE-SA-03-11-2025-2 iOS 18.3.2 and iPadOS 18.3.2
iOS 18.3.2 and iPadOS 18.3.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122281.
Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.
WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and…